@kweaver-ai/kweaver-sdk 0.4.2 → 0.4.4

package/dist/api/vega.js

@@ -13,8 +13,11 @@ function buildHeaders(accessToken, businessDomain) {
 export async function vegaHealth(options) {
     const { baseUrl, accessToken, businessDomain = "bd_public", } = options;
     const base = baseUrl.replace(/\/+$/, "");
-    const url = `${base}/health`;
-    const response = await fetch(url, {
+    // Vega backend has no dedicated /health endpoint.
+    // Probe the catalogs list as a lightweight reachability check.
+    const url = new URL(`${base}${VEGA_BASE}/catalogs`);
+    url.searchParams.set("limit", "1");
+    const response = await fetch(url.toString(), {
         method: "GET",
         headers: buildHeaders(accessToken, businessDomain),
     });
@@ -22,7 +25,7 @@ export async function vegaHealth(options) {
     if (!response.ok) {
         throw new HttpError(response.status, response.statusText, body);
     }
-    return body;
+    return JSON.stringify({ status: "healthy", probe: "catalogs", statusCode: response.status });
 }
 export async function listVegaCatalogs(options) {
     const { baseUrl, accessToken, status, limit, offset, businessDomain = "bd_public", } = options;

package/dist/auth/oauth.d.ts

@@ -1,77 +1,11 @@
-import { type CallbackSession, type ClientConfig, type TokenConfig } from "../config/store.js";
-interface RegisterClientOptions {
-    baseUrl: string;
-    clientName: string;
-    redirectUri: string;
-    logoutRedirectUri: string;
-    lang?: string;
-    product?: string;
-    xForwardedPrefix?: string;
-}
+import { type TokenConfig } from "../config/store.js";
 export declare function normalizeBaseUrl(value: string): string;
-export declare function getAuthorizationSuccessMessage(): string;
-export declare function registerClient(options: RegisterClientOptions): Promise<ClientConfig>;
-export interface EnsureClientOptions {
-    baseUrl: string;
-    port: number;
-    clientName: string;
-    forceRegister: boolean;
-    host?: string;
-    redirectUriOverride?: string;
-    lang?: string;
-    product?: string;
-    xForwardedPrefix?: string;
-}
-export interface EnsuredClientConfig {
-    client: ClientConfig;
-    created: boolean;
-}
-export interface AuthRedirectConfig {
-    redirectUri: string;
-    logoutRedirectUri: string;
-    listenHost: string;
-    listenPort: number;
-    callbackPath: string;
-}
-export declare function buildAuthRedirectConfig(options: {
-    port: number;
-    host?: string;
-    redirectUriOverride?: string;
-}): AuthRedirectConfig;
-export declare function ensureClientConfig(options: EnsureClientOptions): Promise<EnsuredClientConfig>;
-export declare function buildAuthorizationUrl(client: ClientConfig, state?: string): string;
-/**
- * Call the platform's end-session endpoint so the server invalidates the session.
- * Best-effort: failures are ignored so local logout still proceeds.
- */
-export declare function callLogoutEndpoint(client: ClientConfig, token: TokenConfig | null): Promise<void>;
-export declare function refreshAccessToken(client: ClientConfig, refreshToken: string): Promise<TokenConfig>;
+export declare function playwrightLogin(baseUrl: string, options?: {
+    username?: string;
+    password?: string;
+}): Promise<TokenConfig>;
 export declare function ensureValidToken(opts?: {
     forceRefresh?: boolean;
 }): Promise<TokenConfig>;
-export interface AuthLoginOptions {
-    baseUrl: string;
-    port: number;
-    clientName: string;
-    open: boolean;
-    forceRegister: boolean;
-    host?: string;
-    redirectUriOverride?: string;
-    lang?: string;
-    product?: string;
-    xForwardedPrefix?: string;
-}
-export declare function login(options: AuthLoginOptions): Promise<{
-    client: ClientConfig;
-    token: TokenConfig;
-    authorizationUrl: string;
-    callback: CallbackSession;
-    created: boolean;
-}>;
-export declare function getStoredAuthSummary(baseUrl?: string): {
-    client: ClientConfig | null;
-    token: TokenConfig | null;
-    callback: CallbackSession | null;
-};
+export declare function withTokenRetry<T>(fn: (token: TokenConfig) => Promise<T>): Promise<T>;
 export declare function formatHttpError(error: unknown): string;
-export {};

package/dist/auth/oauth.js

@@ -1,276 +1,85 @@
-import { createServer } from "node:http";
-import { randomBytes } from "node:crypto";
-import { URL } from "node:url";
-import { openBrowser } from "../utils/browser.js";
-import { fetchTextOrThrow, HttpError, NetworkRequestError } from "../utils/http.js";
-import { getCurrentPlatform, loadCallbackSession, loadClientConfig, loadTokenConfig, saveCallbackSession, saveClientConfig, saveTokenConfig, setCurrentPlatform, } from "../config/store.js";
+import { getCurrentPlatform, loadTokenConfig, saveTokenConfig, setCurrentPlatform, } from "../config/store.js";
+import { HttpError, NetworkRequestError } from "../utils/http.js";
+const TOKEN_TTL_SECONDS = 3600;
 export function normalizeBaseUrl(value) {
     return value.replace(/\/+$/, "");
 }
-function randomValue(size = 24) {
-    return randomBytes(size).toString("hex");
-}
-export function getAuthorizationSuccessMessage() {
-    return "Authorization succeeded. You can close this page and return to the terminal.";
-}
-function toBasicAuth(clientId, clientSecret) {
-    const user = encodeURIComponent(clientId);
-    const password = encodeURIComponent(clientSecret);
-    return `Basic ${Buffer.from(`${user}:${password}`).toString("base64")}`;
-}
-function buildTokenConfig(baseUrl, token) {
-    const obtainedAt = new Date().toISOString();
-    const expiresAt = token.expires_in === undefined
-        ? undefined
-        : new Date(Date.now() + token.expires_in * 1000).toISOString();
-    return {
-        baseUrl,
-        accessToken: token.access_token,
-        tokenType: token.token_type,
-        scope: token.scope,
-        expiresIn: token.expires_in,
-        expiresAt,
-        refreshToken: token.refresh_token,
-        idToken: token.id_token,
-        obtainedAt,
-    };
-}
-export async function registerClient(options) {
-    const baseUrl = normalizeBaseUrl(options.baseUrl);
-    const payload = {
-        client_name: options.clientName,
-        grant_types: ["authorization_code", "implicit", "refresh_token"],
-        response_types: ["token id_token", "code", "token"],
-        scope: "openid offline all",
-        redirect_uris: [options.redirectUri],
-        post_logout_redirect_uris: [options.logoutRedirectUri],
-        metadata: {
-            device: {
-                name: options.clientName,
-                client_type: "web",
-                description: "kweaver CLI",
-            },
-        },
-    };
-    const { body } = await fetchTextOrThrow(`${baseUrl}/oauth2/clients`, {
-        method: "POST",
-        headers: {
-            "content-type": "application/json",
-            accept: "application/json",
-        },
-        body: JSON.stringify(payload),
-    });
-    const data = JSON.parse(body);
-    const clientConfig = {
-        baseUrl,
-        clientId: data.client_id,
-        clientSecret: data.client_secret,
-        redirectUri: options.redirectUri,
-        logoutRedirectUri: options.logoutRedirectUri,
-        scope: payload.scope,
-        lang: options.lang,
-        product: options.product,
-        xForwardedPrefix: options.xForwardedPrefix,
-    };
-    saveClientConfig(clientConfig);
-    return clientConfig;
-}
-function toSuccessfulLogoutPath(pathname) {
-    if (pathname.endsWith("/callback")) {
-        return `${pathname.slice(0, -"/callback".length)}/successful-logout`;
-    }
-    return `${pathname.replace(/\/$/, "")}/successful-logout`;
-}
-function normalizeListenHost(host) {
-    return host?.trim() || "127.0.0.1";
-}
-export function buildAuthRedirectConfig(options) {
-    const listenHost = normalizeListenHost(options.host);
-    const listenPort = options.port;
-    if (options.redirectUriOverride) {
-        const redirect = new URL(options.redirectUriOverride);
-        const logout = new URL(options.redirectUriOverride);
-        logout.pathname = toSuccessfulLogoutPath(redirect.pathname);
-        logout.search = "";
-        logout.hash = "";
-        return {
-            redirectUri: redirect.toString(),
-            logoutRedirectUri: logout.toString(),
-            listenHost,
-            listenPort,
-            callbackPath: redirect.pathname,
-        };
-    }
-    return {
-        redirectUri: `http://${listenHost}:${listenPort}/callback`,
-        logoutRedirectUri: `http://${listenHost}:${listenPort}/successful-logout`,
-        listenHost,
-        listenPort,
-        callbackPath: "/callback",
-    };
-}
-export async function ensureClientConfig(options) {
-    const baseUrl = normalizeBaseUrl(options.baseUrl);
-    const redirect = buildAuthRedirectConfig({
-        port: options.port,
-        host: options.host,
-        redirectUriOverride: options.redirectUriOverride,
-    });
-    const { redirectUri, logoutRedirectUri } = redirect;
-    const client = loadClientConfig(baseUrl);
-    if (client &&
-        !options.forceRegister &&
-        client.baseUrl === baseUrl &&
-        client.redirectUri === redirectUri &&
-        client.clientId &&
-        client.clientSecret) {
-        return { client, created: false };
+export async function playwrightLogin(baseUrl, options) {
+    let chromium;
+    try {
+        const modName = "playwright";
+        const pw = await import(/* webpackIgnore: true */ modName);
+        chromium = pw.chromium;
     }
-    const createdClient = await registerClient({
-        baseUrl,
-        clientName: options.clientName,
-        redirectUri,
-        logoutRedirectUri,
-        lang: options.lang,
-        product: options.product,
-        xForwardedPrefix: options.xForwardedPrefix,
-    });
-    return {
-        client: createdClient,
-        created: true,
-    };
-}
-export function buildAuthorizationUrl(client, state = randomValue(12)) {
-    const authorizationUrl = new URL(`${client.baseUrl}/oauth2/auth`);
-    authorizationUrl.searchParams.set("redirect_uri", client.redirectUri);
-    authorizationUrl.searchParams.set("x-forwarded-prefix", client.xForwardedPrefix ?? "");
-    authorizationUrl.searchParams.set("client_id", client.clientId);
-    authorizationUrl.searchParams.set("scope", client.scope);
-    authorizationUrl.searchParams.set("response_type", "code");
-    authorizationUrl.searchParams.set("state", state);
-    authorizationUrl.searchParams.set("lang", client.lang ?? "zh-cn");
-    if (client.product) {
-        authorizationUrl.searchParams.set("product", client.product);
+    catch {
+        throw new Error("Playwright is not installed. Run:\n  npm install playwright && npx playwright install chromium");
     }
-    return authorizationUrl.toString();
-}
-function waitForAuthorizationCode(options, expectedState) {
-    const { listenHost, listenPort, callbackPath } = options;
-    return new Promise((resolve, reject) => {
-        const server = createServer((request, response) => {
-            if (!request.url) {
-                response.statusCode = 400;
-                response.end("Missing request URL");
-                return;
-            }
-            const callbackUrl = new URL(request.url, `http://${request.headers.host ?? `${listenHost}:${listenPort}`}`);
-            if (callbackUrl.pathname !== callbackPath) {
-                response.statusCode = 404;
-                response.end("Not Found");
-                return;
-            }
-            const error = callbackUrl.searchParams.get("error");
-            if (error) {
-                response.statusCode = 400;
-                response.end(`Authorization failed: ${error}`);
-                server.close();
-                reject(new Error(`Authorization failed: ${error}`));
-                return;
-            }
-            const state = callbackUrl.searchParams.get("state");
-            if (state !== expectedState) {
-                response.statusCode = 400;
-                response.end("State mismatch");
-                server.close();
-                reject(new Error("State mismatch in OAuth callback"));
-                return;
+    const hasCredentials = options?.username && options?.password;
+    const browser = await chromium.launch({ headless: hasCredentials ? true : false });
+    try {
+        const context = await browser.newContext();
+        const page = await context.newPage();
+        await page.goto(`${baseUrl}/api/dip-hub/v1/login`, {
+            waitUntil: "networkidle",
+            timeout: 30_000,
+        });
+        if (hasCredentials) {
+            // Headless mode: auto-fill credentials
+            await page.waitForSelector('input[name="account"]', { timeout: 10_000 });
+            await page.fill('input[name="account"]', options.username);
+            await page.fill('input[name="password"]', options.password);
+            await page.click("button.ant-btn-primary");
+        }
+        // else: headed mode — user logs in manually in the browser window
+        const TIMEOUT_SECONDS = hasCredentials ? 30 : 120;
+        let accessToken = null;
+        for (let i = 0; i < TIMEOUT_SECONDS; i++) {
+            await new Promise((r) => setTimeout(r, 1000));
+            // Check cookies (works even after navigation)
+            for (const cookie of await context.cookies()) {
+                if (cookie.name === "dip.oauth2_token") {
+                    accessToken = decodeURIComponent(cookie.value);
+                    break;
+                }
             }
-            const code = callbackUrl.searchParams.get("code");
-            if (!code) {
-                response.statusCode = 400;
-                response.end("Missing authorization code");
-                server.close();
-                reject(new Error("Missing authorization code"));
-                return;
+            if (accessToken)
+                break;
+            // In headless mode, check for login error messages
+            if (hasCredentials) {
+                try {
+                    const errorEl = await page.$(".ant-message-error, .ant-alert-error");
+                    if (errorEl) {
+                        const errorText = await errorEl.textContent();
+                        throw new Error(`Login failed: ${errorText?.trim() || "unknown error"}`);
+                    }
+                }
+                catch (e) {
+                    if (e instanceof Error && e.message.startsWith("Login failed:"))
+                        throw e;
+                }
             }
-            response.statusCode = 200;
-            response.setHeader("content-type", "text/plain; charset=utf-8");
-            response.end(getAuthorizationSuccessMessage());
-            server.close();
-            resolve({
-                code,
-                state,
-                scope: callbackUrl.searchParams.get("scope") ?? undefined,
-            });
-        });
-        server.on("error", (error) => reject(error));
-        server.listen(listenPort, listenHost);
-    });
-}
-async function exchangeAuthorizationCode(client, code) {
-    const payload = new URLSearchParams({
-        grant_type: "authorization_code",
-        code,
-        redirect_uri: client.redirectUri,
-    });
-    const { body } = await fetchTextOrThrow(`${client.baseUrl}/oauth2/token`, {
-        method: "POST",
-        headers: {
-            "content-type": "application/x-www-form-urlencoded",
-            accept: "application/json",
-            authorization: toBasicAuth(client.clientId, client.clientSecret),
-        },
-        body: payload.toString(),
-    });
-    const tokenConfig = buildTokenConfig(client.baseUrl, JSON.parse(body));
-    saveTokenConfig(tokenConfig);
-    return tokenConfig;
-}
-/**
- * Call the platform's end-session endpoint so the server invalidates the session.
- * Best-effort: failures are ignored so local logout still proceeds.
- */
-export async function callLogoutEndpoint(client, token) {
-    const url = new URL(`${client.baseUrl}/oauth2/signout`);
-    if (token?.idToken) {
-        url.searchParams.set("id_token_hint", token.idToken);
-    }
-    url.searchParams.set("post_logout_redirect_uri", client.logoutRedirectUri);
-    url.searchParams.set("client_id", client.clientId);
-    try {
-        const response = await fetch(url.toString(), { method: "GET", redirect: "manual" });
-        if (!response.ok && response.status !== 302) {
-            const body = await response.text();
-            console.error(`Logout endpoint returned ${response.status}: ${body.slice(0, 200)}`);
         }
+        if (!accessToken) {
+            throw new Error(`Login timed out: dip.oauth2_token cookie not received within ${TIMEOUT_SECONDS} seconds.`);
+        }
+        const now = new Date();
+        const tokenConfig = {
+            baseUrl,
+            accessToken,
+            tokenType: "bearer",
+            scope: "",
+            expiresIn: TOKEN_TTL_SECONDS,
+            expiresAt: new Date(now.getTime() + TOKEN_TTL_SECONDS * 1000).toISOString(),
+            obtainedAt: now.toISOString(),
+        };
+        saveTokenConfig(tokenConfig);
+        setCurrentPlatform(baseUrl);
+        return tokenConfig;
     }
-    catch (err) {
-        const msg = err instanceof Error ? err.message : String(err);
-        console.error(`Logout endpoint request failed: ${msg}`);
+    finally {
+        await browser.close();
     }
 }
-export async function refreshAccessToken(client, refreshToken) {
-    const payload = new URLSearchParams({
-        grant_type: "refresh_token",
-        refresh_token: refreshToken,
-    });
-    const { body } = await fetchTextOrThrow(`${client.baseUrl}/oauth2/token`, {
-        method: "POST",
-        headers: {
-            "content-type": "application/x-www-form-urlencoded",
-            accept: "application/json",
-            authorization: toBasicAuth(client.clientId, client.clientSecret),
-        },
-        body: payload.toString(),
-    });
-    const parsed = JSON.parse(body);
-    const tokenConfig = buildTokenConfig(client.baseUrl, {
-        ...parsed,
-        refresh_token: parsed.refresh_token ?? refreshToken,
-    });
-    saveTokenConfig(tokenConfig);
-    return tokenConfig;
-}
 export async function ensureValidToken(opts) {
     const envToken = process.env.KWEAVER_TOKEN;
     const envBaseUrl = process.env.KWEAVER_BASE_URL;
@@ -280,98 +89,42 @@ export async function ensureValidToken(opts) {
             baseUrl: normalizeBaseUrl(envBaseUrl),
             accessToken: rawToken,
             tokenType: "bearer",
-            scope: "openid",
+            scope: "",
             obtainedAt: new Date().toISOString(),
         };
     }
     const currentPlatform = getCurrentPlatform();
     if (!currentPlatform) {
-        throw new Error("No active platform selected. Run `kweaver auth <platform-url>` first.");
+        throw new Error("No active platform selected. Run `kweaver auth login <platform-url>` first.");
+    }
+    if (opts?.forceRefresh) {
+        throw new Error(`Token refresh is not supported. Run \`kweaver auth login ${currentPlatform}\` again.`);
     }
-    const client = loadClientConfig(currentPlatform);
     const token = loadTokenConfig(currentPlatform);
-    if (!client || !token) {
-        throw new Error(`Missing saved credentials for ${currentPlatform}. Run \`kweaver auth ${currentPlatform}\` first.`);
+    if (!token) {
+        throw new Error(`No saved token for ${currentPlatform}. Run \`kweaver auth login ${currentPlatform}\` first.`);
     }
-    if (!opts?.forceRefresh) {
-        if (!token.expiresAt) {
-            return token;
-        }
+    if (token.expiresAt) {
         const expiresAtMs = Date.parse(token.expiresAt);
-        if (Number.isNaN(expiresAtMs) || expiresAtMs - 60_000 > Date.now()) {
-            return token;
+        if (!Number.isNaN(expiresAtMs) && expiresAtMs - 60_000 <= Date.now()) {
+            throw new Error(`Access token expired. Run \`kweaver auth login ${currentPlatform}\` again.`);
         }
     }
-    if (!token.refreshToken) {
-        throw new Error("Access token expired and no refresh token is available. Run auth login again.");
-    }
-    return refreshAccessToken(client, token.refreshToken);
+    return token;
 }
-export async function login(options) {
-    const redirect = buildAuthRedirectConfig({
-        port: options.port,
-        host: options.host,
-        redirectUriOverride: options.redirectUriOverride,
-    });
-    const { client, created } = await ensureClientConfig({
-        baseUrl: options.baseUrl,
-        port: options.port,
-        clientName: options.clientName,
-        forceRegister: options.forceRegister,
-        host: options.host,
-        redirectUriOverride: options.redirectUriOverride,
-        lang: options.lang,
-        product: options.product,
-        xForwardedPrefix: options.xForwardedPrefix,
-    });
-    const state = randomValue(12);
-    const authorizationUrl = buildAuthorizationUrl(client, state);
-    const waitForCode = waitForAuthorizationCode({
-        listenHost: redirect.listenHost,
-        listenPort: redirect.listenPort,
-        callbackPath: redirect.callbackPath,
-    }, state);
-    if (options.open) {
-        console.log(`Opening browser for authorization: ${authorizationUrl}`);
-        const opened = await openBrowser(authorizationUrl);
-        if (!opened) {
-            console.error("Failed to open a browser automatically. Open this URL manually:");
-            console.error(authorizationUrl);
-        }
+export async function withTokenRetry(fn) {
+    const token = await ensureValidToken();
+    try {
+        return await fn(token);
     }
-    else {
-        console.log("Authorization URL:");
-        console.log(authorizationUrl);
-        console.log("");
-        console.log(`Redirect URI: ${client.redirectUri}`);
-        console.log(`Waiting for OAuth callback on http://${redirect.listenHost}:${redirect.listenPort}${redirect.callbackPath}`);
-        if (redirect.listenHost === "127.0.0.1" || redirect.listenHost === "localhost") {
-            console.log("");
-            console.log("If your browser is on another machine, use SSH port forwarding first:");
-            console.log(`ssh -L ${redirect.listenPort}:127.0.0.1:${redirect.listenPort} user@server`);
+    catch (error) {
+        if (error instanceof HttpError && error.status === 401) {
+            const platform = token.baseUrl;
+            throw new Error(`Authentication failed (401). Token may be expired or revoked.\n` +
+                `Run \`kweaver auth login ${platform}\` again.`);
         }
+        throw error;
     }
-    const callbackResult = await waitForCode;
-    const callback = {
-        baseUrl: client.baseUrl,
-        redirectUri: client.redirectUri,
-        code: callbackResult.code,
-        state: callbackResult.state,
-        scope: callbackResult.scope,
-        receivedAt: new Date().toISOString(),
-    };
-    saveCallbackSession(callback);
-    const token = await exchangeAuthorizationCode(client, callbackResult.code);
-    setCurrentPlatform(client.baseUrl);
-    return { client, token, authorizationUrl, callback, created };
-}
-export function getStoredAuthSummary(baseUrl) {
-    const targetBaseUrl = baseUrl ?? getCurrentPlatform() ?? undefined;
-    return {
-        client: loadClientConfig(targetBaseUrl),
-        token: loadTokenConfig(targetBaseUrl),
-        callback: loadCallbackSession(targetBaseUrl),
-    };
 }
 function formatOAuthErrorBody(body) {
     let data;

package/dist/cli.js

@@ -2,6 +2,7 @@ import { runAgentCommand } from "./commands/agent.js";
 import { runAuthCommand } from "./commands/auth.js";
 import { runKnCommand } from "./commands/bkn.js";
 import { runCallCommand } from "./commands/call.js";
+import { runConfigCommand } from "./commands/config.js";
 import { runContextLoaderCommand } from "./commands/context-loader.js";
 import { runDsCommand } from "./commands/ds.js";
 import { runTokenCommand } from "./commands/token.js";
@@ -32,6 +33,7 @@ Usage:
   kweaver bkn create [options]
   kweaver bkn update <kn-id> [options]
   kweaver bkn delete <kn-id>
+  kweaver config [set-bd|show]
   kweaver vega [health|stats|inspect|catalog|resource|connector-type]
   kweaver context-loader [config|kn-search|...]
   kweaver --help
@@ -43,6 +45,7 @@ Commands:
   ds             Manage datasources (list, get, delete, tables, connect)
   agent          Chat with a KWeaver agent (agent chat <id>), list published agents (agent list)
   bkn           Business knowledge network (list/get/create/update/delete/export/stats; object-type, subgraph, action-type, action-log)
+  config         Per-platform configuration (business domain)
   vega           Vega observability platform (catalogs, resources, connector-types, health)
   context-loader Call context-loader MCP (tools, resources, prompts; kn-search, query-*, etc.)
   help           Show this message`);
@@ -74,6 +77,9 @@ export async function run(argv) {
     if (command === "vega") {
         return runVegaCommand(rest);
     }
+    if (command === "config") {
+        return runConfigCommand(rest);
+    }
     if (command === "context-loader" || command === "context") {
         return runContextLoaderCommand(rest);
     }

package/dist/client.js

@@ -122,18 +122,7 @@ export class KWeaverClient {
         try {
             const probe = await fetch(`${token.baseUrl.replace(/\/+$/, "")}/api/ontology-manager/v1/knowledge-networks?limit=1`, { headers: { authorization: `Bearer ${token.accessToken}`, token: token.accessToken } });
             if (probe.status === 401) {
-                try {
-                    token = await ensureValidToken({ forceRefresh: true });
-                }
-                catch {
-                    throw new Error("Access token revoked and refresh token also expired. " +
-                        "Run `kweaver auth login` to re-authenticate.");
-                }
-                return new KWeaverClient({
-                    baseUrl: token.baseUrl,
-                    accessToken: token.accessToken,
-                    ...opts,
-                });
+                throw new Error("Access token revoked. Run `kweaver auth login` to re-authenticate.");
             }
         }
         catch {

package/dist/commands/agent-chat.js

@@ -1,5 +1,6 @@
 import { ensureValidToken, formatHttpError } from "../auth/oauth.js";
 import { fetchAgentInfo, sendChatRequest } from "../api/agent-chat.js";
+import { resolveBusinessDomain } from "../config/store.js";
 function formatCliArg(value) {
     if (/^[A-Za-z0-9_./:=+-]+$/.test(value)) {
         return value;
@@ -42,7 +43,7 @@ export function parseChatArgs(args) {
     let conversationId;
     let stream;
     let verbose = false;
-    let businessDomain = "bd_public";
+    let businessDomain = "";
     for (let i = 0; i < args.length; i += 1) {
         const arg = args[i];
         if (arg === "-m" || arg === "--message") {
@@ -104,6 +105,8 @@ export function parseChatArgs(args) {
     if (!agentId) {
         throw new Error("Missing agent_id. Usage: kweaver agent chat <agent_id> [-m \"message\"]");
     }
+    if (!businessDomain)
+        businessDomain = resolveBusinessDomain();
     return { agentId, version, message, conversationId, stream, verbose, businessDomain };
 }
 export async function runAgentChatCommand(args) {